Legal claims defining the scope of protection, as filed with the USPTO.
1. A method of authenticating a user on a network, comprising: receiving, by a security server, a request of a network site for authentication of the user; calculating, by the security server in response to the receipt of the authentication request, a one-time-password based on (i) a secret shared by the security server and the network site but not by the user, and the secret is not shared or associated by the security server or the network site with the user, and (ii) a one-time-password generating algorithm, wherein the one-time-password is independently calculable by the network site based on the shared secret and the one-time-password generating algorithm; transmitting, by the security server to the network site, a time stamp or counter value associated with the calculated one-time-password; and transmitting, by the security server to the user, the calculated one-time-password to authenticate the user to the network site.
2. The method of claim 1, wherein: the user is represented on the network by a user network device executing code embedded in a network page that is (i) associated with the network site and (ii) displayed by the user network device; and the authentication request is received from the user network device in accordance with the execution of the embedded network page code.
3. The method of claim 1, wherein: the user is represented on the network by a user network device which displays a network page associated with the network site; and the calculated one-time-password is transmitted, by the security server to the user network device for presentation on a window displayed by the user network device and entry by the user onto the displayed network page.
4. The method of claim 3, further comprising: receiving, by a security server from the user network device, an identifier of the user network device and an identifier of the network site; and transmitting, by the security server to the user network device in response to the receipt of the identifiers, an indication of legitimacy of the network site that will cause display of a corresponding legitimacy indicator on both the displayed network page and the displayed window.
5. The method of claim 4, further comprising: determining, by the security server, the legitimacy of the network site based on the received network site identifier.
6. The method of claim 5, further comprising: storing, by the security server on the user network device, a local session object; wherein the received user network device identifier includes the stored local session object; and wherein the received network site identifier includes a network address of the network site presented in the displayed network page.
7. The method of claim 4, wherein: if the transmitted indication indicates that the network site is legitimate, the corresponding legitimacy indicator includes a first type visual cue in a first state; and if the transmitted indication indicates that the network site is illegitimate, the corresponding legitimacy indicator includes the first type visual cue in a second state.
8. The method of claim 7, wherein: the first type visual cue is a light; the first state is green; and the second state is red.
9. The method of claim 7, further comprising: if the transmitted indication indicates that the network site is legitimate, the corresponding legitimacy indicator also includes a second type visual cue in the form of a random image.
10. An article of manufacture for authenticating a user on a network, comprising: non-transitory processor readable storage medium; and logic stored on the storage medium, wherein the stored logic is configured to be readable by a processor and thereby cause the processor to operate so as to: receive a request of a network site for authentication of the user; calculate in response to the receipt of the authentication request, a one-time-password based on (i) a secret shared by a security server and the network site but not by the user, and the secret is not shared or associated by the security server or the network site with the user, and (ii) a one-time-password generating algorithm, wherein the one-time-password is independently calculable by the network site based on the shared secret and the one-time-password generating algorithm; transmit, to the network site, a time stamp or counter value associated with the calculated one-time-password; and transmit the calculated one-time-password to authenticate the user to the network site.
11. The article of manufacture of claim 10, wherein: the user is represented on the network by a user network device executing code embedded in a network page that is (i) associated with the network site and (ii) displayed by the user network device; and the authentication request is received from the user network device in accordance with the execution of the embedded network page code.
12. The article of manufacture of claim 10, wherein: the user is represented on the network by a user network device which displays a network page associated with the network site; and the calculated one-time-password is transmitted to the user network device for presentation on a window displayed by the user network device and entry by the user onto the displayed network page.
13. The article of manufacture of claim 12, wherein the stored logic is further configured to cause the processor to operate so as to: receive, from the user network device, an identifier of the user network device and an identifier of the network site; and transmit, to the user network device in response to the receipt of the identifiers, an indication of legitimacy of the network site that will cause display of a corresponding legitimacy indicator on both the displayed network page and the displayed window.
14. The article of manufacture of claim 13, wherein: the stored logic is further configured to cause the processor to operate so as to: store, on the user network device, a local session object; and determine the legitimacy of the network site based on the received network site identifier; the received user network device identifier includes the stored local session object; and the received network site identifier includes a network address of the network site included in the displayed network page.
15. The article of manufacture of claim 13, wherein: if the transmitted indication indicates that the network site is legitimate, the corresponding legitimacy indicator will include a first type visual cue in a first state and a second type visual cue in the form of a random image; and if the transmitted indication indicates that the network site is illegitimate, the corresponding legitimacy indicator will include the first type visual cue in a second state.
16. A system for authenticating a user on a network, comprising: a communications port configured to receive a request of a network site for authentication of the user; and a processor configured to calculate, in response to the receipt of the authentication request, a one-time-password based on (i) a secret shared by a security server and the network site, but not by the user, and the secret is not shared or associated by the security server or the network site with the user, and (ii) a one-time-password generating algorithm and to direct transmission of the calculated one-time-password and a time stamp or counter value associated with the calculated one-time-password to authenticate the user to the network site; wherein the one-time-password is independently calculable by the network site based on the shared secret and the one-time-password generating algorithm.
17. The system of claim 16, wherein: the user is represented on the network by a user network device executing code embedded in a network page that is (i) associated with the network site and (ii) displayed by the user network device; and the authentication request is received from the user network device in accordance with the execution of the embedded network page code.
18. The system of claim 16, wherein: the user is represented on the network by a user network device displaying a network page associated with the network site; and the calculated one-time-password is transmitted to the user network device for presentation on a window displayed by the user network device and entry by the user onto the displayed network page.
19. The system of claim 18, wherein: the communications port is further configured to receive, from the user network device, an identifier of the user network device and an identifier of the network site; and the processor is further configured to direct transmission, to the user network device in response to the receipt of the identifiers, of an indication of legitimacy of the network site that will cause display of a corresponding legitimacy indicator on both the displayed network page and the displayed window.
20. The system of claim 19, wherein: the processor is further configured to direct storage of a local session object on the user network device, and determine the legitimacy of the network site based on the received network site identifier; the received user network device identifier includes the stored local session object; and the received network site identifier includes a network address of the network site presented in the displayed network page.
21. The system of claim 19, wherein: if the transmitted indication indicates that the network site is legitimate, the corresponding legitimacy indicator includes a first visual cue in a first state and a second visual cue in the form of a random image; and if the transmitted indication indicates that the network site is illegitimate, the corresponding legitimacy indicator includes the first visual cue in a second state.
22. A method of authenticating a user on a network, comprising: receiving, by a first user agent on a user network device from a network site, a request of the network site for the user to be authenticated; transmitting, by the first user agent to a security server, the network site request; receiving, by a second user agent on the user network device from the security server in response to transmission of the network site request, a one-time-password calculated based on (i) a secret shared by the security server and the network site, but not by the user, and the secret is not shared or associated by the security server or the network site with the user and (ii) a one-time-password generating algorithm; transferring the one-time-password from second user agent to first user agent; and transmitting, by the first user agent to the network site, the one-time-password to authenticate the user to the network site; wherein the one-time-password is independently calculable by the network site based on the shared secret and the one-time-password generating algorithm.
23. The method of claim 22, further comprising: transmitting, by the first user agent to the network site, a request of the user to access the network site; wherein the network site request is received in response to the transmitted user request.
24. The method of claim 22, wherein: the first user agent is a network page that is associated with the network site and displayed on the user network device; and the second user agent is a window displayed on the user network device.
25. The method of claim 24, wherein: the network page has embedded code; and the transmission of the network site request by the first user agent to the security server is based on execution of the embedded network page code by the user network device.
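The exchange recited in claims 1 and 22, worked through as an added example that is not part of the patent or any product of its assignee. The claims leave the "one-time-password generating algorithm" unspecified; this example assumes the counter variant and uses HOTP (RFC 4226, HMAC-SHA1 with dynamic truncation) so that the network site can recompute the value independently from the shared secret and the counter the security server sends it. The shared secret, the class names `SecurityServer` and `NetworkSite`, the `run_exchange` driver, and the request identifier are all constructed for the illustration. It also shows the verifier-side checks a practitioner would want around such a scheme (constant-time comparison, single use of each counter) and why a site that does not hold the secret cannot produce or verify the value:

```python
import hashlib
import hmac
import secrets
import struct

# Constructed shared secret (the RFC 4226 test key "12345678901234567890").
# Per claim 1 it is held by the security server and the network site only;
# the user never sees or is associated with it.
SHARED_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the big-endian counter, dynamically truncated.
    Assumed here as the 'one-time-password generating algorithm' of the claims."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = ((mac[offset] & 0x7F) << 24) | (mac[offset + 1] << 16) | (mac[offset + 2] << 8) | mac[offset + 3]
    return f"{code % 10 ** digits:0{digits}d}"


class SecurityServer:
    """Claim 1: calculates the OTP and splits delivery: counter to the site, OTP to the user."""

    def __init__(self, secret: bytes) -> None:
        self.secret = secret
        self.counter = 0  # monotonically increasing; never reused

    def handle_auth_request(self, site_request: dict) -> dict:
        self.counter += 1
        otp = hotp(self.secret, self.counter)
        return {
            "to_site": {"request_id": site_request["request_id"], "counter": self.counter},
            "to_user": {"otp": otp},  # shown in the second user agent (the window, claim 24)
        }


class NetworkSite:
    """Recomputes the OTP from the shared secret and the counter it received."""

    def __init__(self, secret: bytes) -> None:
        self.secret = secret
        self.pending: dict[str, int] = {}  # request_id -> counter announced by the server
        self.used_counters: set[int] = set()

    def request_authentication(self) -> dict:
        return {"request_id": secrets.token_hex(8)}  # constructed correlation id

    def receive_counter(self, msg: dict) -> None:
        self.pending[msg["request_id"]] = msg["counter"]

    def verify(self, request_id: str, otp_from_user: str) -> bool:
        counter = self.pending.pop(request_id, None)
        if counter is None or counter in self.used_counters:
            return False  # unknown request, or a replayed counter
        ok = hmac.compare_digest(hotp(self.secret, counter), otp_from_user)
        if ok:
            self.used_counters.add(counter)
        return ok


def run_exchange(site_secret: bytes = SHARED_SECRET, tamper_otp: bool = False) -> dict:
    """Drives one authentication; returns the outcome of the first attempt and of a replay."""
    server = SecurityServer(SHARED_SECRET)
    site = NetworkSite(site_secret)
    # Claim 22: the first user agent (the page) receives the site's request and forwards it
    # to the security server; the server answers the site and the user separately.
    site_request = site.request_authentication()
    out = server.handle_auth_request(site_request)
    site.receive_counter(out["to_site"])
    # The second user agent (the window) displays the OTP; the user types it into the page,
    # which sends it to the site. A tampered value stands in for a mistyped or guessed code.
    otp = out["to_user"]["otp"]
    if tamper_otp:
        otp = "000000" if otp != "000000" else "111111"
    first = site.verify(site_request["request_id"], otp)
    replay = site.verify(site_request["request_id"], otp)
    return {"authenticated": first, "replay_accepted": replay}


if __name__ == "__main__":
    print(run_exchange())
    print(run_exchange(tamper_otp=True))
    print(run_exchange(site_secret=b"some other site's key"))
```

The third call models a site that does not hold the secret (the situation the legitimacy indicator of claims 4 through 9 is meant to surface to the user): it receives a counter but cannot derive the matching OTP, so verification fails even though the user entered the genuine value.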
October 1, 2013